CN113852591B - Camera abnormal access identification and alarm method based on improved four-level difference method - Google Patents

Camera abnormal access identification and alarm method based on improved four-level difference method Download PDF

Info

Publication number
CN113852591B
CN113852591B CN202110639063.1A CN202110639063A CN113852591B CN 113852591 B CN113852591 B CN 113852591B CN 202110639063 A CN202110639063 A CN 202110639063A CN 113852591 B CN113852591 B CN 113852591B
Authority
CN
China
Prior art keywords
reference value
data
flow data
traffic
flow
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202110639063.1A
Other languages
Chinese (zh)
Other versions
CN113852591A (en
Inventor
袁海
宋文慧
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Tianyi Digital Life Technology Co Ltd
Original Assignee
Tianyi Digital Life Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Tianyi Digital Life Technology Co Ltd filed Critical Tianyi Digital Life Technology Co Ltd
Priority to CN202110639063.1A priority Critical patent/CN113852591B/en
Publication of CN113852591A publication Critical patent/CN113852591A/en
Application granted granted Critical
Publication of CN113852591B publication Critical patent/CN113852591B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416Event detection, e.g. attack signature detection
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/06Management of faults, events, alarms or notifications
    • H04L41/0631Management of faults, events, alarms or notifications using root cause analysis; using analysis of correlation between notifications, alarms or events based on decision criteria, e.g. hierarchy, tree or time analysis
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00Arrangements for monitoring or testing data switching networks
    • H04L43/16Threshold monitoring
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1425Traffic logging, e.g. anomaly detection

Abstract

The application discloses a camera abnormal access behavior identification and alarm method, which comprises the following steps: receiving a traffic data input; determining whether the stored flow data exceeds a calculation threshold; if yes, determining whether the length of the stored flow data exceeds the deleting length; if not, determining whether a cache flow reference value exists; if yes, determining whether the flow data is larger than a cache flow reference value; if yes, determining whether the alarm period is met; and if the alarm period is met, storing the flow data and outputting an alarm result.

Description

Camera abnormal access identification and alarm method based on improved four-level difference method
Technical Field
The application relates to the field of network information security, and more particularly relates to network information security protection of intelligent home.
Background
Currently, network information security has risen to a national strategy, and is a powerful motive for innovation and development. Smart home brings unlimited imagination for future life of people, and the development potential of the smart home is inevitably non-small. But in the internet age, the more data a user transmits, the more information is exposed, and the higher the probability of potential safety hazard. The home contains a large amount of personal privacy information, so that the network complete problem of the intelligent home is particularly important. The security performance for intelligent home network information is a necessary trend of industry development.
Many families can choose intelligent home equipment to install intelligent cameras at home. Especially, children and old people exist in the house, and the situation of the house can be seen at any time by installing the camera. Generally, the intelligent camera can use a high-strength private dynamic encryption system in the process of transmitting video content, so that data transmission and storage safety are ensured, each access of a user to the camera is protected by encryption, the user can only check the video through a password login APP, and meanwhile, the monitoring video can be stored in the local or cloud of the camera. However, due to potential safety hazards existing in some intelligent cameras, the intelligent cameras become sources of privacy disclosure
There are few algorithms or studies currently directed to analysis of network camera traffic anomalies. At present, the research on the abnormal flow or equipment flow of the network camera is mainly divided into several technical routes: firstly, determining a flow threshold value, and alarming when the flow threshold value is exceeded; secondly, determining flow classification and alarm of corresponding classification in a preset flow range; thirdly, analyzing big data of the equipment flow, and predicting or alarming after extracting the characteristics.
Wherein the application scenarios of the first and second scheme are very limited. For example, the first solution is only applicable if there is a certain threshold value in advance; the second solution is to classify the flow according to different flow sizes, and then to count or alarm according to different categories. The third solution is relatively suitable for complex scenes, so that a large number of data analysis features are needed, and the technical difficulty is relatively high.
Therefore, a method for timely identifying and alarming abnormal access behaviors of a camera is urgently needed in the field.
Disclosure of Invention
As described above, network cameras are increasingly used at present, and thus, an event in which the camera is controlled to cause information leakage also frequently occurs. Aiming at the security problem of the network camera. The application provides a method for identifying and alarming abnormal access behaviors of a camera, which can identify remote call access of the camera, so that the safety problem of a network camera can be solved.
Compared with the prior art, the method does not need a fixed threshold range and flow classification, and can be used for carrying out abnormality judgment as long as the flow data of the equipment is subjected to a preheating period after being reported and a reference value (expected value) is obtained through dynamic analysis of historical data. Specifically, the method can take the alarm information of abnormal flow of the camera as one judging element of abnormal access alarm of the camera, and comprehensively analyze other factors such as access time, access place and user access habit in the follow-up process to finally obtain an alarm result.
In addition, the method of the application can be suitable for various complex scenes of different types of equipment and different network conditions, and has high applicability.
Furthermore, the method of the present application provides a more cost effective way. The system not only can provide abnormal flow alarm for the camera in time, but also has proper accuracy, is not high in threshold for technical requirements, and is easy to popularize and use.
Finally, although the method of the present application is used in the following description as applied to camera security, it will be fully understood by those skilled in the art that the solution is not limited to camera devices, but is also generic for other network devices.
The following presents a simplified summary of one or more aspects in order to provide a basic understanding of such aspects. This summary is not an extensive overview of all contemplated aspects, and is intended to neither identify key or critical elements of all aspects nor delineate the scope of any or all aspects. Its sole purpose is to present some concepts of one or more aspects in a simplified form as a prelude to the more detailed description that is presented later.
According to a preferred embodiment of the present application, there is provided a method for identifying and alarming abnormal access behavior of a camera, including: receiving a traffic data input; determining whether the stored flow data exceeds a calculation threshold; if yes, determining whether the length of the stored flow data exceeds the deleting length; if not, determining whether a cache flow reference value exists; if yes, determining whether the flow data is larger than a cache flow reference value; if yes, determining whether the alarm period is met; if the alarm period is met, storing the flow data and outputting an alarm result.
According to a preferred embodiment of the present application, if the stored traffic data does not exceed the calculation threshold, the traffic data is stored and a non-alarm result is output.
According to a preferred embodiment of the present application, if the stored traffic data length exceeds the deletion length, the earliest traffic data is deleted.
According to a preferred embodiment of the present application, if there is no cache traffic reference value, a new cache traffic reference value is calculated and created according to the four-bit difference method.
According to a preferred embodiment of the present application, if the traffic data is not greater than the buffered traffic reference value, the traffic data is stored and a non-alert result is output.
According to a preferred embodiment of the present application, if the alarm period is not met, the flow data is ignored and a non-alarm result is output.
According to a preferred embodiment of the present application, calculating the new cache traffic reference value comprises: dividing each flow data into a plurality of orders of magnitude according to the number of bits; searching upper and lower quartiles and finding the median value of all flow data; moving the upper and lower quartiles by taking the magnitude of the median as a reference to redetermine the new upper and lower quartiles; the position of the new upper and lower quartiles is determined.
According to a preferred embodiment of the application, the quarter-bit difference DF is determined according to the following equation: df= (Q 3m -Q 1m ) 2, wherein Q 3m Is Q after moving 3 Is the position of Q 1m Is Q after moving 1 Is the position of Q 1 Represents the lower quartile, Q 3 Represents the upper quartile, Q 1 Is (n+1)/4, Q 3 The position of (2) is 3 (n+1)/4.
According to a preferred embodiment of the present application, a new cache traffic reference value C is calculated and created according to the following equation: c=q 3 +T 1 XDF, where T 1 Indicating tolerance, which is a value obtained by periodic analysis of flow data from a large number of devicesCan be updated periodically.
To the accomplishment of the foregoing and related ends, the one or more aspects comprise the features hereinafter fully described and particularly pointed out in the claims. The following description and the annexed drawings set forth in detail certain illustrative features of the one or more aspects. These features are indicative, however, of but a few of the various ways in which the principles of various aspects may be employed and the present description is intended to include all such aspects and their equivalents.
Drawings
So that the manner in which the above recited features of the present application can be understood in detail, a more particular description of the application, briefly summarized above, may be had by reference to aspects, some of which are illustrated in the appended drawings. It is to be noted, however, that the appended drawings illustrate only certain typical aspects of this application and are therefore not to be considered limiting of its scope, for the description may admit to other equally effective aspects.
In the drawings:
fig. 1 is a schematic diagram illustrating a method of four-bit difference calculation common in the art;
fig. 2 is a schematic diagram illustrating an improved method of quarter-bit difference calculation according to an embodiment of the present application;
FIG. 3 is a flow chart illustrating a camera abnormal access behavior identification and alerting method 300 in accordance with an embodiment of the present application;
FIG. 4a is a schematic diagram illustrating an algorithm package according to an embodiment of the application;
FIG. 4b is a schematic diagram illustrating a service for monitoring the algorithm according to an embodiment of the application; and
fig. 4c is an example schematic diagram illustrating a service for a monitoring algorithm according to an embodiment of the present application.
Detailed Description
The detailed description set forth below in connection with the appended drawings is intended as a description of various configurations and is not intended to represent the only configurations in which the concepts described herein may be practiced. The detailed description includes specific details for the purpose of providing a thorough understanding of the various concepts. It will be apparent, however, to one skilled in the art that these concepts may be practiced without these specific details. In some instances, well-known components are shown in block diagram form in order to avoid obscuring such concepts.
It is to be understood that other embodiments will be apparent based on the present disclosure, and that system, structural, procedural or mechanical changes may be made without departing from the scope of the present disclosure.
The following describes specific embodiments of a camera abnormal access behavior recognition and alarm method according to the present application with reference to the accompanying drawings.
The main functional requirements of the method of the application are: and when the upstream flow of the camera is abnormally increased, notifying alarm information. In addition, when traffic anomalies are found, the pushing of alert messages must have frequency control in order to prevent alert message flooding, resulting in a degraded user experience.
The method according to the application mainly comprises the following 4 steps, each flow is described as follows:
step 1: uplink traffic data input for receiving device
Step 2: the identification of abnormal traffic is performed according to an algorithm.
Specifically, a flow model for the device is built using the historical flow data structure, and it is possible to determine whether the new flow data is abnormal or not according to the model.
Step 3: and if the flow is abnormal, performing frequency control of the alarm message.
Step 4: and (3) returning the flow identification result (alarm/no alarm).
A flowchart of a camera abnormal access behavior identification and alerting method 300 in accordance with an embodiment of the present application is shown in fig. 3.
As shown in fig. 3, the method 300 begins with an upstream traffic data input by a receiving device. In step 301, a traffic data input is received.
After receiving the traffic data input in step 301, it is first determined in step 302 whether the length of the data stored at this time exceeds a threshold length that can be calculated by the model.
If the data length does not exceed the threshold length, then only the flow data is stored at step 303 and an output of "no alarm" is returned at step 304. This process is collectively referred to as a "data preheat" process.
To ensure the running speed of the algorithm, the traffic data reported by the device may be stored using, for example, a Redis (Remote Dictionary Server, a remote dictionary service, which is well known in the art and will not be described in detail again). Of course, those skilled in the art will fully appreciate that other types of databases capable of implementing the data storage functions of the present application may be used to store the traffic data described above.
Meanwhile, in order to reduce the storage pressure, the data in Redis are cleaned periodically. The method further comprises a step 305 of periodically determining whether the length of the data stored in the database is too long, and if so, performing clipping deletion of the data in step 306, that is, deleting the earliest traffic data according to the configured window size, and retaining the latest traffic data. Otherwise proceed to the next step 307.
In step 307, it is determined whether the device has a last calculated cache traffic reference value. If a cache value exists, then a size comparison is made directly with the existing cache value at step 308.
Otherwise, the data of a window is intercepted in step 309 to calculate the cache flow reference value, and in step 310, the new cache flow reference value is updated or created.
The purpose of this is to prevent the next algorithm model calculation from being entered each time traffic data is reported. Because the computational overhead of the algorithm model is relatively large.
The next step is to go into the calculation process of the algorithm model.
The overall idea is to use the quartile difference calculation method, i.e. the difference between the upper quartile (Q3, i.e. at 75%) and the lower quartile (Q1, i.e. at 25%).
A schematic diagram of a method of four-bit difference calculation common in the art is shown in fig. 1.
Referring to fig. 1, a specific calculation method is to perform positive sequence ordering on current flow data stored in a Redis database, and then locate Q3 75% bit number and Q1 25% bit number as upper and lower quartiles. Then, a median is taken as a quartile by the upper and lower quartiles. Then, the upper limit tolerance is obtained through calculation to serve as a reference value.
However, the technical solution of the present application optimizes the positioning of the upper and lower quadrants. In particular, the values are divided into orders of magnitude by number of bits, such as 10 being of the order of 2 and 100 being of the order of 3. And sequentially corresponding to the rules. After searching the upper and lower quartiles, the median of the sequence is found, and then the position of the upper and lower quartiles is moved again with the order of magnitude of the median as a reference until a boundary position equal to the order of magnitude of the median is found.
A schematic diagram of an improved method of calculating a quarter-bit difference according to an embodiment of the present application is shown in fig. 2.
As shown in the sequence in fig. 2, the upper and lower quartiles found initially are 10120 (on the order of 5) and 995 (on the order of 3) positions, with the number of bits 8560 (on the order of 4). The position of the original upper and lower quartiles is moved according to the order of magnitude (4) of the median. Eventually, the original upper and lower quartile positions will be moved to the new upper and lower quartile positions, i.e., the new upper quartile 8560 (on the order of 4), and the lower quartile 1250 (on the order of 4) (the upper and lower quartiles are on the same order as the median). The last determined position of the new upper and lower quartile is [2,5], upper and lower quartile 1250 and 8560, respectively.
The formula of the calculation can be summarized as follows:
Q 1 represents the lower quartile, Q 3 Representing the upper quartile. The data are first ordered to find Q 1 、Q 3 The position where it is located; then determining the corresponding sign value Q according to the position 1 、Q 3 The method comprises the steps of carrying out a first treatment on the surface of the And finally, calculating half of the difference between the two, namely the quarter bit difference DF.
Position of Q1: (n+1)/4 (where n is the data amount of the selected window)
Q 3 Is defined by the position of: 3 (n+1)/4
Post-movement Q 1 Position: q (Q) 1m
Post-movement Q 3 Position: q (Q) 3m
DF: (Q 3m -Q 1m )/2
Wherein Q is 1m And Q 3m Representing the position corresponding to the new upper and lower quartiles after modifying the moving quartiles in the manner described above.
And finally, calculating by using the tetrad difference and the tolerance to finally obtain a reference value of the equipment, wherein the calculation formula is as follows:
C=Q 3 +T 1 ×DF
where C is the final calculated reference value and T1 in the formula indicates tolerance, which is a value obtained by periodic analysis based on the flow data of a large number of devices, and which can be updated periodically.
The calculated reference value C is stored in the memory by the algorithm in the form of a key value pair of the device number and the reference value. And if the reference value of the equipment is changed, the reference value is updated directly. A first determination may be made of subsequent flow data using the reference value (step 308), and if the current flow is less than the reference value, the flow data is stored and no alert is made (steps 303, 304). If the historical traffic data of the equipment is larger than the reference value, the historical traffic data of the equipment is reused for a second judgment. In any case, when the size of the subsequent flow data is greater than the reference value, the judgment of the alarm period is entered in step 311.
If the alarm period is met, the flow data is stored and an alarm is performed at step 312. If the alarm period is not met, the flow data is ignored at step 313 and no alarm is given (step 304).
Finally, the result is output at step 314.
The algorithm may be packaged as a micro service trafficator, and deployed on a server after being packaged by a docker (open source application container engine), along with a security lan service receiving camera traffic reports, a database dis service storing camera traffic data, and mySQL (relational database management system) services storing other data, and the contents are shown in fig. 4 a.
The trafficator micro-service is the micro-service of the encapsulation algorithm, and the camera flow data is forwarded to the trafficator micro-service through the security lan trafficator micro-service after being collected and reported. And a monitoring service can be set up to monitor whether the algorithm recognizes abnormal traffic information, as shown in fig. 4 b.
First, the camera is connected under the gateway and a warm-up period of time (in this example, 5 minutes) passes. The software is then used to access the camera's view of the monitoring screen, whereupon the monitoring screen shown in fig. 4c can be seen in the otherwise constructed monitoring. Through the picture, whether the model can normally identify abnormal access behaviors along with the access of the user or not can be seen, and alarm information is pushed.
Compared with the prior art, the application has the following outstanding technical advantages and effects.
Firstly, the intelligent flow analysis device can flexibly adapt to cameras of different types, and the scheme of the application is not limited to the cameras, and can be popularized to flow analysis of large-flow intelligent equipment, so that the intelligent flow analysis device has good adaptability.
Secondly, the reporting period is ignored in the scheme of the application, so that the reporting period of the flow data can be flexibly set.
Thirdly, the service deployment flow of the running algorithm in the scheme of the application is simple, not only can provide abnormal flow alarming for the camera in time, but also has proper accuracy, so the service deployment flow can be rapidly deployed and expanded, and has high cost performance.
It should be understood that the specific order or hierarchy of steps in the methods disclosed are illustrations of exemplary processes. Based on design preferences, it is understood that the specific order or hierarchy of steps in the methods or method systems described herein may be rearranged. The accompanying method claims present elements of the various steps in a sample order, and are not meant to be limited to the specific order or hierarchy presented, unless specifically recited herein.
The previous description is provided to enable any person skilled in the art to practice the various aspects described herein. Various modifications to these aspects will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other aspects. Thus, the claims are not intended to be limited to the aspects shown herein, but is to be accorded the full scope consistent with the language of the claims, wherein reference to an element in the singular is not intended to mean "one and only one" (unless specifically so stated) but rather "one or more". The term "some" means one or more unless specifically stated otherwise. The phrase referring to "at least one of" a list of items refers to any combination of those items, including individual members. As an example, "at least one of a, b, or c" is intended to encompass: at least one a; at least one b; at least one c; at least one a and at least one b; at least one a and at least one c; at least one b and at least one c; and at least one a, at least one b, and at least one c. The elements of the various aspects described throughout this disclosure are all structural and functional equivalents that are presently or later come to be known to those of ordinary skill in the art are expressly incorporated herein by reference and are intended to be encompassed by the claims. Furthermore, nothing disclosed herein is intended to be dedicated to the public regardless of whether such disclosure is explicitly recited in the claims.

Claims (9)

1. A camera abnormal access behavior identification and alarm method comprises the following steps:
receiving a traffic data input;
determining whether the stored flow data exceeds a calculation threshold;
if yes, determining whether the length of the stored flow data exceeds the deleting length;
if not, determining whether a cache flow reference value exists;
if yes, determining whether the flow data is larger than the cache flow reference value;
if yes, determining whether the alarm period is met;
if the alarm period is met, storing the flow data and outputting an alarm result,
wherein the cache traffic reference value is determined based on a four-bit difference method:
the cache traffic reference value C is determined according to the following equation:
C=Q 3 +T 1 ×DF,
wherein Q is 3 Representing the original quartile, T 1 Tolerance is indicated and DF is the quarter-bit difference.
2. The method of claim 1, wherein if the stored flow data does not exceed the calculated threshold, storing the flow data and outputting a no alert result.
3. The method of claim 1, wherein if the stored traffic data length exceeds the delete length, deleting the earliest traffic data.
4. The method of claim 1 wherein if the cache traffic reference value is not present, calculating and creating a new cache traffic reference value is based on a four-bit difference method.
5. The method of claim 1, wherein if the traffic data is not greater than the buffered traffic reference value, storing the traffic data and outputting a no alert result.
6. The method of claim 1, wherein if the alarm period is not met, ignoring the flow data and outputting a no alarm result.
7. The method of claim 4, wherein calculating the new cache traffic reference value comprises:
dividing each flow data into a plurality of orders of magnitude according to the number of bits;
searching upper and lower quartiles and finding the median value of all flow data;
moving the upper and lower quartiles to redetermine new upper and lower quartiles with an order of magnitude of the median as a reference;
the position of the new upper and lower quartiles is determined.
8. The method of claim 7 wherein the quadrant difference DF is determined according to:
DF=(Q 3m -Q 1m )/2,
wherein Q is 1 Representing the original lower quartile, Q 1 Is (n+1)/4, Q 3 Is 3 (n+1)/4, Q 1m Is Q after moving 1 Is the position of Q 3m Is Q after moving 3 Where n is the data amount of the selected window.
9. The method of claim 8, wherein the tolerance T 1 Is a value that is periodically analyzed from the flow data of a large number of devices and can be periodically updated.
CN202110639063.1A 2021-06-08 2021-06-08 Camera abnormal access identification and alarm method based on improved four-level difference method Active CN113852591B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110639063.1A CN113852591B (en) 2021-06-08 2021-06-08 Camera abnormal access identification and alarm method based on improved four-level difference method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110639063.1A CN113852591B (en) 2021-06-08 2021-06-08 Camera abnormal access identification and alarm method based on improved four-level difference method

Publications (2)

Publication Number Publication Date
CN113852591A CN113852591A (en) 2021-12-28
CN113852591B true CN113852591B (en) 2023-09-22

Family

ID=78973024

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110639063.1A Active CN113852591B (en) 2021-06-08 2021-06-08 Camera abnormal access identification and alarm method based on improved four-level difference method

Country Status (1)

Country Link
CN (1) CN113852591B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116992390B (en) * 2023-09-26 2023-12-05 北京联创高科信息技术有限公司 Configuration and display method of abnormal data

Citations (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104811344A (en) * 2014-01-23 2015-07-29 阿里巴巴集团控股有限公司 Network dynamic service monitoring method and apparatus
CN107454109A (en) * 2017-09-22 2017-12-08 杭州安恒信息技术有限公司 A kind of network based on HTTP flow analyses is stolen secret information behavioral value method
CN110086649A (en) * 2019-03-19 2019-08-02 深圳壹账通智能科技有限公司 Detection method, device, computer equipment and the storage medium of abnormal flow
CN110704284A (en) * 2019-09-27 2020-01-17 高新兴科技集团股份有限公司 Alarm processing method and system in video monitoring scene and electronic equipment
CN110830450A (en) * 2019-10-18 2020-02-21 平安科技(深圳)有限公司 Abnormal flow monitoring method, device and equipment based on statistics and storage medium
CN111506625A (en) * 2020-04-20 2020-08-07 中国建设银行股份有限公司 Alarm threshold determination method and device
CN111614630A (en) * 2020-04-29 2020-09-01 浙江德迅网络安全技术有限公司 Network security monitoring method and device and cloud WEB application firewall
CN111917740A (en) * 2020-07-15 2020-11-10 杭州安恒信息技术股份有限公司 Abnormal flow alarm log detection method, device, equipment and medium
CN112188531A (en) * 2019-07-01 2021-01-05 中国移动通信集团浙江有限公司 Abnormality detection method, abnormality detection device, electronic apparatus, and computer storage medium
CN112597858A (en) * 2020-12-16 2021-04-02 中国电子科技集团公司电子科学研究院 Monitoring method and device and readable storage medium

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
MY172616A (en) * 2013-03-13 2019-12-06 Telekom Malaysia Berhad A system for analysing network traffic and a method thereof
US10621602B2 (en) * 2015-09-22 2020-04-14 Adobe Inc. Reinforcement machine learning for personalized intelligent alerting

Patent Citations (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104811344A (en) * 2014-01-23 2015-07-29 阿里巴巴集团控股有限公司 Network dynamic service monitoring method and apparatus
CN107454109A (en) * 2017-09-22 2017-12-08 杭州安恒信息技术有限公司 A kind of network based on HTTP flow analyses is stolen secret information behavioral value method
CN110086649A (en) * 2019-03-19 2019-08-02 深圳壹账通智能科技有限公司 Detection method, device, computer equipment and the storage medium of abnormal flow
CN112188531A (en) * 2019-07-01 2021-01-05 中国移动通信集团浙江有限公司 Abnormality detection method, abnormality detection device, electronic apparatus, and computer storage medium
CN110704284A (en) * 2019-09-27 2020-01-17 高新兴科技集团股份有限公司 Alarm processing method and system in video monitoring scene and electronic equipment
CN110830450A (en) * 2019-10-18 2020-02-21 平安科技(深圳)有限公司 Abnormal flow monitoring method, device and equipment based on statistics and storage medium
CN111506625A (en) * 2020-04-20 2020-08-07 中国建设银行股份有限公司 Alarm threshold determination method and device
CN111614630A (en) * 2020-04-29 2020-09-01 浙江德迅网络安全技术有限公司 Network security monitoring method and device and cloud WEB application firewall
CN111917740A (en) * 2020-07-15 2020-11-10 杭州安恒信息技术股份有限公司 Abnormal flow alarm log detection method, device, equipment and medium
CN112597858A (en) * 2020-12-16 2021-04-02 中国电子科技集团公司电子科学研究院 Monitoring method and device and readable storage medium

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
A. R. Jakhale.Design of anomaly packet detection framework by data mining algorithm for network flow.《2017 International Conference on Computational Intelligence in Data Science(ICCIDS)》.2018,1-6页. *
陈墨.基于智能策略的网络异常行为检测关键技术研究.《中国优秀博士学位论文全文数据库 信息科技辑》.2021,I139-18页. *

Also Published As

Publication number Publication date
CN113852591A (en) 2021-12-28

Similar Documents

Publication Publication Date Title
KR101825023B1 (en) Risk early warning method and device
US10524027B2 (en) Sensor based system and method for premises safety and operational profiling based on drift analysis
US9852342B2 (en) Surveillance system
US20180278894A1 (en) Surveillance system
CN108230637B (en) Fire-fighting fire alarm method and system
CN111475804A (en) Alarm prediction method and system
CN111680535B (en) Method and system for real-time prediction of one or more potential threats in video surveillance
US20170011312A1 (en) Predicting Work Orders For Scheduling Service Tasks On Intrusion And Fire Monitoring
CN109872482A (en) Wisdom security protection monitoring and managing method, system and storage medium
KR102356666B1 (en) Method and apparatus for risk detection, prediction, and its correspondence for public safety based on multiple complex information
US9607500B2 (en) System and method for prediction of threatened points of interest
CN113011833A (en) Safety management method and device for construction site, computer equipment and storage medium
CN113852591B (en) Camera abnormal access identification and alarm method based on improved four-level difference method
US20230289891A1 (en) Determining an event
CN113391984A (en) Monitoring data processing method and device, computer equipment and storage medium
CN111523762A (en) Exhibition data processing method and device, computer equipment and storage medium
CN113869220A (en) Monitoring method and system for major traffic accidents
CN111540194B (en) Vehicle monitoring data processing method and device, computer equipment and storage medium
CN112257546A (en) Event early warning method and device, electronic equipment and storage medium
CN110020223B (en) Behavior data analysis method and device
CN113095306B (en) Security alarm method and chip
CN114866956B (en) Monitoring method and device for illegal production of mine in abnormal state
KR102347259B1 (en) Method for predicting safety
US20210067596A1 (en) Detecting major events
Kapoor et al. Real-Time Casualty Detection System Using CCTV Surveillance: A Deep Learning Approach

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
TA01 Transfer of patent application right

Effective date of registration: 20220210

Address after: Room 1423, No. 1256 and 1258, Wanrong Road, Jing'an District, Shanghai 200072

Applicant after: Tianyi Digital Life Technology Co.,Ltd.

Address before: 201702 3rd floor, 158 Shuanglian Road, Qingpu District, Shanghai

Applicant before: Tianyi Smart Family Technology Co.,Ltd.

TA01 Transfer of patent application right
GR01 Patent grant
GR01 Patent grant